Several flaws were discovered in the way third party library libpng
handled uninitialized pointers. An attacker could create a PNG image
file in such a way, that when loaded by an application linked to
libpng, it could cause the application to crash or execute arbitrary
code at the privilege level of the user that runs the application.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0040 to this issue.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

* The libpng update for the Service Console of ESX 2.5.5 is
documented in VMSA-2009-0007. This update is only relevant for
ESX 2.5.5 and not for other ESX versions.

b. Apache HTTP Server updated to 2.0.63

The new version of ACE updates the Apache HTTP Server on Windows
hosts to version 2.0.63 which addresses multiple security issues
that existed in the previous versions of this server.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,
CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the
issues that have been addressed by this update.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.